Posted by CmdrTaco on Tuesday May 18, 2010 @11:22AM
from the what-if-i-wear-a-hat dept.

wiplash writes "Google Chrome appears to store at least some information related to, and including, the sites that you have visited when browsing in Incognito mode. Lewis Thompson outlines a set of steps you can follow to confirm whether you are affected. He has apparently reported this to Google, but no response has yet been received."

So, since the example in TFA didn't restart Chrome between incognito windows, I decided to see what happened when I followed the steps with "4.5 Exit chrome completely, then restart", and can confirm that even when Chrome fully exits and is restarted, it remembers the zoom level used in a URL only ever visited in an incognito window.

Do you believe every piece of FUD that comes out of sopssa's mouth? By default yes, everything typed into the address bar is sent to google which is how their autocomplete for searches works. If you just don't want it sent to google, change your default search provider. If you don't want it sent anywhere simply uncheck 'use a suggestion service to help complete searches and URLs typed in the address bar' in the Under the Hood tab of Options.

There's always Chromium; I run it on Ubuntu [hyperlogos.org]. For Windows there's SRWare Iron [srware.net]. I'm not sure which is the preferred build for OSX; perhaps Crossover Chromium [codeweavers.com]. TFA doesn't say whether Chromium is affected. Some comments under TFA state that the effect lasts only until Chrome is restarted, suggesting that the information is stored only in the memory cache.

Here's the bug in question, filed about 2 weeks ago: http://code.google.com/p/chromium/issues/detail?id=43107 [google.com]
Seems like someone looked at it, prioritized and classified it (e.g. pri-2, internals-cookies). What's the big deal? It's just a bug that needs to get fixed, not a huge conspiracy by Google.

The remember zoom was added to the 5.x Beta / Dev channels some time ago, and isn't a part of the current Chrome stable build. [ Google Blog Link : http://googlesystem.blogspot.com/2010/05/10-things-to-try-in-google-chrome-5.html ] Nevertheless, I doubt this is sending any information to Google. You forget Chromium is open source.

TFA only mentions zoom levels as being stored -- not any other info from users' porn-mode browsing session, just zoom levels. Chrome recently began saving users' zoom levels (if I'm not mistaken) so that pretty much explains that (while conveniently also accounting for why users of earlier versions may not be experiencing this phenomenon as well.)
We're all waiting for google to slip up monumentally (or "pull a facebook," if you will,) but unfortunately we'll have to wait another day.

Be aware of the version you're using. Chrome v4 *may* not save the zoom level, so it wouldn't show it anyway. I'm on the dev channel, and thus am using the newly-released v6, and it's definitely reproducible.

And people, please. What happened to "never ascribe to malice"? Chromium is an open-source project -- if you have to, fix it yourself, I have little doubt that patch would make it into the official Google Chrome.

The article shows that a per-site setting (page zoom) persists between incognito sessions. That's all. No mention or even speculation that Google is storing that information on their servers.

That said, Incognito was never meant to be private browsing from Google. Your search queries still get sent to your search provider (imagine that!) and auto-suggest will still work. What Incognito mode is for is to prevent your wife/brother/sister/boss from seeing the sites you use. This has been discussed to death already.

Firefox was a little more polite about it, but it's still pretty deep in there. I was setting up an embedded machine with Firefox (local web browsing, no Internet connection). I was really surprised how many things were in there on a clean install of it. It's not just URL completion. There's "safe browsing", SSL cert verification, updates... Well, just do an about:config and search for http:// and then https://. There are 29 http URLs, and 22 https URLs. That may not include remote resources that may be embedded into the code. I didn't review it to find out, but I did have a packet sniffer running while I was working to make sure there wasn't anything extra going out.

This wasn't looked at because my tinfoil hat was on too tight. These are for offline embedded machines, but they may (just may) be up on some sort of Internet connection occasionally, and that may be ungodly slow. I may not have the luxury of a few extra bytes going over the wire, if that's all I have to work with. (yes, we're talking very slow connections). And yes, it's a Linux platform, so you don't have everything and then some creating unwanted network traffic. :)

Um, yes, and AFAIK you have been able since almost the beginning. Wrench-->options-->under the hood --> "Use suggestion service...".

Just for the sake of putting this stupid argument to rest, I tested it with wireshark, and yes, unchecking that box immediately causes chrome to cease sending URLs to google. In fact, with all the boxes unchecked, it appears that the only traffic sent is directly to the websites that you are fetching.

I like how your "yet" implies that that hasn't been there from practically the start, though, or that you can't just use chromium if you are really that worried about it.... really some quality FUD there.

So, maybe I'm just being an apologist here...
But while I did verify this, and can see some disk writes in ProcMon to a tmp file (which seems to be deleted on close), is it asking too much to have a little more info before running off and declaring it to be some additional nefarious way to collect info? Any packet sniffing, or even seeing if it can be replicated in chromium or Iron? Any effort to see ANYTHING AT ALL of what's going on, or whether that data is stored anywhere except the "magnify websites to this level" database?

I mean come on, I know Google is the new "cool to hate" company, but a 1 paragraph blog entry with NO technical details whatsoever makes REALLY poor outrage material.

That's the point -- the Queen can't just step in because she doesn't like the current government, it's only if the shit really hits the fan, as a last resort. For example, if an elected government tried to turn itself into a perpetual dictatorship without the support of the public, she could go in and kick some ass.